I’m experiencing poor performance on user authentication and would like suggestions for improving it.
I’m using Drupal integrated with a third-party system that runs on the Salesforce.com (SFDC) platform. Okta is doing the SSO for these. AD is the IdP and contains the security groups that assign user permissions in SFDC (all users in AD have access to Drupal).
Here is the authentication flow:
When the user starts the login process, username (email) and password are sent to Drupal for validation.
Login (username/password) → [Drupal UI – Browser] → Login User → [Drupal Backend]
The Drupal backend calls the Okta API and validates the credentials in Okta.
Validate user credentials → [Okta – Authentication API]
If the validation with Okta passes, then a redirection and a session token are created; this is sent to the UI because we are using JavaScript to perform the redirection. When the redirection is called, a session cookie is generated in the user’s browser.
[Drupal UI - Browser] ← [Drupal – backend] ← Successfully validated with session token ← [Okta – Authentication API]
[Drupal UI - Browser] → Redirects user to SFDC endpoint with Session Cookie → [Okta – Session API]
We then need to start validation against Salesforce, because the only way we can provide access to Salesforce is through Okta. A final redirection to Salesforce is then required, and since the cookie was already generated in the previous step, the user is allowed access to Salesforce.
[Drupal UI – Browser] → Runs the SFDC OAuth flow to get an API access token → SFDC
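As an added illustration (not code from the poster's Drupal site), this is the session-token to session-cookie hop in the flow above: the backend reads the one-time sessionToken from the Okta Authentication API response, then builds the Okta sessionCookieRedirect URL that the browser-side JavaScript navigates to. The org URL, the allow-listed redirect hosts and the sample responses are constructed placeholders; the allow-list check is there because the redirectUrl parameter carries the one-time token and should only ever point at hosts you control.

```python
"""Okta session-token -> session-cookie hop, with an allow-listed redirect target."""
import json
from typing import Optional
from urllib.parse import urlencode, urlparse

OKTA_ORG = "https://example.okta.com"  # assumed Okta org URL (placeholder)
# Only these hosts may receive the one-time session token via redirectUrl (assumed).
ALLOWED_REDIRECT_HOSTS = {"example.my.salesforce.com", "example.okta.com"}

# Constructed sample /api/v1/authn responses (trimmed to the fields used here).
SAMPLE_AUTHN_SUCCESS = json.dumps({
    "status": "SUCCESS",
    "sessionToken": "00Constructed-SessionToken",
    "_embedded": {"user": {"profile": {"login": "user@example.com"}}},
})
SAMPLE_AUTHN_MFA = json.dumps({"status": "MFA_REQUIRED", "stateToken": "constructed"})


def session_token_from_authn(authn_response_json: str) -> Optional[str]:
    """Return the one-time sessionToken from an Authentication API response.

    Only a transaction whose status is SUCCESS carries a sessionToken; any other
    status (MFA_REQUIRED, LOCKED_OUT, PASSWORD_EXPIRED, ...) yields None so the
    caller cannot proceed to the redirect with an incomplete login.
    """
    body = json.loads(authn_response_json)
    if body.get("status") != "SUCCESS":
        return None
    return body.get("sessionToken")


def build_session_cookie_redirect(session_token: str, redirect_url: str) -> str:
    """Build the /login/sessionCookieRedirect URL the browser is sent to.

    Okta exchanges the one-time token for a session cookie on its own domain and
    then redirects to redirect_url, so the target is validated against an
    allow-list before the token is ever placed in a URL.
    """
    target = urlparse(redirect_url)
    if target.scheme != "https" or target.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError(f"refusing to redirect session token to {redirect_url!r}")
    query = urlencode({"token": session_token, "redirectUrl": redirect_url})
    return f"{OKTA_ORG}/login/sessionCookieRedirect?{query}"
```

Each arrow in the diagram above is a full browser or server round trip, so timing this hop separately from the SFDC OAuth hop is the quickest way to see which leg is slow.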